<?php
// Page title and heading text. Presumably read by header.inc below (confirm there).
$title_msg = 'Login';
$header_msg = 'Account login';

// db.php is expected to provide the $eebsdb handle that the login query below uses like a PDO object.
require_once ('db.php');
// NOTE(review): header.inc is pulled in before the login POST is processed. If it sends any
// output, the Location redirect issued after a successful login cannot be sent unless output
// buffering is enabled. Confirm.
// NOTE(review): a web server that does not map *.inc to PHP returns such files as plain text.
// Make sure direct requests for them are blocked, or keep them outside the web root.
include_once('header.inc');

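// Handle a submitted login form: look the user up by name, verify the password
// against the stored salted hash, and on success record the identity in the
// session and redirect to the index page.
//
// Both fields come straight from the request, so they are type-checked first.
// A field sent as an array (test_username[]=...) is treated as not supplied.
if (!empty($_POST['test_username']) && is_string($_POST['test_username'])) {
	$submittedpass = $_POST['test_password'] ?? '';
	if (!is_string($submittedpass)) {
		$submittedpass = '';
	}

	// The username is passed as a bound parameter and never becomes part of the
	// SQL text, so quotes in the submitted value cannot alter the query.
	$usrstatement = $eebsdb->prepare('SELECT * FROM `users` WHERE `username` = ?');
	if ($usrstatement !== false && $usrstatement->execute([$_POST['test_username']])) {
		// Test the fetched row itself; PDOStatement::rowCount() is not
		// guaranteed to report SELECT result sizes on every driver.
		$usrarr = $usrstatement->fetch(PDO::FETCH_ASSOC);
		if (is_array($usrarr)) {
			// NOTE(review): salted double MD5 is cheap to brute-force offline.
			// Moving to password_hash()/password_verify() needs a matching change
			// wherever the hashes are created (not visible here), so the stored
			// format is left untouched in this block.
			$checkpass = md5(md5($submittedpass) . md5((string) $usrarr['salt']));

			// hash_equals() compares in constant time; the stored hash goes first.
			if (hash_equals((string) $usrarr['passhash'], $checkpass)) {
				// Issue a fresh session ID at the privilege change so an ID set
				// before login cannot be reused afterwards. Skipped when no
				// session is active or the headers have already gone out.
				if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
					session_regenerate_id(true);
				}

				$_SESSION['USER_ID'] = $usrarr['id'];
				$_SESSION['USERNAME'] = $usrarr['username'];
				$_SESSION['USERGRP'] = $usrarr['group_id'];

				// Stop after a redirect so nothing else is rendered for this
				// request. If output has already started the header cannot be
				// sent; the script then falls through to the logged-in message.
				if (!headers_sent()) {
					header('Location: ./index.php');
					exit;
				}
			}
		}
	}
}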
// Page body: anonymous visitors get the login form, and a session that already
// carries USER_ID gets a short confirmation instead.
// NOTE(review): the form has no anti-CSRF token field, and the <HTML>/<HEAD>
// tags are emitted after header.inc has already been included. Check that
// header.inc does not open the document itself.
if (empty($_SESSION['USER_ID'])):
?>
<HTML>
<HEAD>
<TITLE>EEBS Login</TITLE>
</HEAD>
<P>
	<B>Supply a username and password.</B>
</P>
<FORM METHOD=POST ACTION="login.php">
	<P>USERNAME:
	<INPUT TYPE=TEXT NAME="test_username" SIZE=32></P>
	<P>PASSWORD:
	<INPUT TYPE=PASSWORD NAME="test_password" SIZE=32></P>
	<P><INPUT TYPE="SUBMIT" VALUE="SUBMIT">
	<P CLASS="sidebar"><A HREF="reg.php">Register</A></P>
</FORM>
<?php
else:
	echo "<P>YOU ARE LOGGED IN</P>";
endif;
	include_once('footer.inc');
?>
